def publish_error_message(trace_id, check_history_id, aws_request_id, message): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) try: subject = "セキュリティチェック結果メール通知失敗({0})".format( common_utils.get_environ(CommonConst.STAGE)) message = "RequestID: {0}\nCheckHistoryID: {1}\nMessage: {2}".format( aws_request_id, check_history_id, message) aws_common.aws_sns( trace_id, subject, message, common_utils.get_environ(CommonConst.SENDMAIL_ERROR_NOTIFY_TOPIC)) except PmError as e: pm_logger.error("通知メール送信エラーメッセージのパブリッシュに失敗しました")
def test_upload_json_success(self): # connect s3 resource_s3 = s3_utils.resource_connect() check_bucket = common_utils.get_environ("S3_CHECK_BUCKET") # prepare data resource_s3.create_bucket(Bucket=check_bucket) more_binary_data = json.dumps(data_file, indent=4, default=FileUtils.convert_handler, ensure_ascii=False) with patch.object(PmLogAdapter, 'info', return_value=None) as mock_method_info: with patch.object(boto3, 'client') as mock_method_client: mock_method_client.return_value = client_s3 with patch.object(client_s3, 'put_object') as mock_method: # call function test FileUtils.upload_json(trace_id, "S3_CHECK_BUCKET", data_file, s3_file_name) # check write log info mock_method_info.assert_any_call( "Upload file json [%s] success on bucket [%s]", s3_file_name, check_bucket) # check connect client mock_method_client.assert_called_with('s3') # check param call function put_object mock_method.assert_any_call(Body=more_binary_data, Bucket=check_bucket, Key=s3_file_name)
def test_s3_delete_report_success(self): # connect s3 resource_s3 = s3_utils.resource_connect() client_s3 = s3_utils.client_connect() report_bucket = common_utils.get_environ("S3_REPORT_BUCKET") # prepare data resource_s3.create_bucket(Bucket=report_bucket) client_s3.put_object(Body=json.dumps( copy.deepcopy(DataTestS3.INFO_BUCKET)), Bucket=report_bucket, Key=prefix) mybucket = resource_s3.Bucket(name=report_bucket) with patch.object(boto3, 'resource') as mock_method_resource: mock_method_resource.return_value = resource_s3 with patch.object(resource_s3, 'Bucket') as mock_method_bucket: mock_method_bucket.return_value = mybucket # call function test aws_common.s3_delete_report(trace_id, report_id) report_delete = True # check report delete for obj in mybucket.objects.filter(Prefix=prefix): report_delete = False # check result self.assertTrue(report_delete) # check connect resource mock_method_resource.assert_called_with('s3')
def test_execute_security_check_handler_success(self): # mock object patch_aws_sns = patch("premembers.common.aws_common.aws_sns") patch_get_uuid4 = patch("premembers.common.common_utils.get_uuid4") # start mock object mock_aws_sns = patch_aws_sns.start() mock_get_uuid4 = patch_get_uuid4.start() # mock data mock_aws_sns.side_effect = None mock_get_uuid4.return_value = check_history_id # addCleanup stop mock object self.addCleanup(patch_aws_sns.stop) self.addCleanup(patch_get_uuid4.stop) event_mock = event_create.get_event_object( path_parameters=path_parameters, trace_id=user_id_test, email=email) # Call function test actual_response = awschecks.execute_security_check_handler( event_mock, {}) # assert call aws_sns topic_arn = common_utils.get_environ( CommonConst.SECURITYCHECK_EXECUTE_TOPIC) subject = "USER : {0}".format(execute_user_id) message = {'CheckHistoryId': check_history_id} mock_aws_sns.assert_called_once_with(user_id_test, subject, json.dumps(message), topic_arn) # Get data response actual_status_code = actual_response['statusCode'] actual_response_bodys = json.loads(actual_response['body']) expect_response_pm_checkHistory = mock_pm_checkHistory.query_key( check_history_id) # Check data self.assertEqual(HTTPStatus.CREATED, actual_status_code) self.assertEqual(expect_response_pm_checkHistory['CheckCode'], actual_response_bodys['checkCode']) self.assertEqual(expect_response_pm_checkHistory['CheckStatus'], actual_response_bodys['checkStatus']) self.assertEqual('', actual_response_bodys['errorCode']) self.assertEqual(expect_response_pm_checkHistory['ExecutedDateTime'], actual_response_bodys['executedDateTime']) self.assertEqual(expect_response_pm_checkHistory['ExecutedType'], actual_response_bodys['executedType']) self.assertEqual(expect_response_pm_checkHistory['CheckHistoryID'], actual_response_bodys['id']) self.assertEqual(expect_response_pm_checkHistory['OrganizationID'], actual_response_bodys['organizationId']) self.assertEqual(expect_response_pm_checkHistory['ProjectID'], actual_response_bodys['projectId']) self.assertEqual('', actual_response_bodys['reportFilePath'])
def test_upload_csv_success(self): # connect s3 resource_s3 = s3_utils.resource_connect() check_bucket = common_utils.get_environ("S3_CHECK_BUCKET") # prepare data resource_s3.create_bucket(Bucket=check_bucket) with patch.object(PmLogAdapter, 'info', return_value=None) as mock_method_info: with patch.object(boto3, 'client') as mock_method_client: mock_method_client.return_value = client_s3 with patch.object(client_s3, 'put_object') as mock_method: # call function test FileUtils.upload_csv(trace_id, "S3_CHECK_BUCKET", data_file, s3_file_name) # check write log info mock_method_info.assert_any_call( "Upload file csv [%s] success on bucket [%s]", s3_file_name, check_bucket) # check connect client mock_method_client.assert_called_with('s3') # check param call function put_object mock_method.assert_any_call(Body=data_file, Bucket=check_bucket, Key=s3_file_name)
def test_check_exists_file_s3_success_case_not_exists_file_s3(self): # connect s3 resource_s3 = s3_utils.resource_connect() check_bucket = common_utils.get_environ("S3_CHECK_BUCKET") s3_file_name_not_exists = "check_history_id/organization_id/project_id/awsaccount/raw/filenamenotexists.json" # prepare data resource_s3.create_bucket(Bucket=check_bucket) mybucket = resource_s3.Bucket(name=check_bucket) with patch.object(boto3, 'resource') as mock_method_resource: mock_method_resource.return_value = resource_s3 with patch.object(resource_s3, 'Bucket') as mock_method_bucket: mock_method_bucket.return_value = mybucket # call function test actual_response = aws_common.check_exists_file_s3( trace_id, "S3_CHECK_BUCKET", s3_file_name_not_exists) # check result expected_response = False self.assertEqual(expected_response, actual_response) # check connect resource mock_method_resource.assert_called_with('s3')
def test_check_exists_file_s3_success_case_exists_file_s3(self): # connect s3 resource_s3 = s3_utils.resource_connect() client_s3 = s3_utils.client_connect() check_bucket = common_utils.get_environ("S3_CHECK_BUCKET") # prepare data resource_s3.create_bucket(Bucket=check_bucket) client_s3.put_object(Body=json.dumps( copy.deepcopy(DataTestS3.INFO_BUCKET)), Bucket=check_bucket, Key=s3_file_name) mybucket = resource_s3.Bucket(name=check_bucket) with patch.object(boto3, 'resource') as mock_method_resource: mock_method_resource.return_value = resource_s3 with patch.object(resource_s3, 'Bucket') as mock_method_bucket: mock_method_bucket.return_value = mybucket # call function test actual_response = aws_common.check_exists_file_s3( trace_id, "S3_CHECK_BUCKET", s3_file_name) # check result expected_response = True self.assertEqual(expected_response, actual_response) # check connect resource mock_method_resource.assert_called_with('s3')
def test_read_csv_success(self): # prepare data check_bucket = common_utils.get_environ("S3_CHECK_BUCKET") data_file = copy.deepcopy(DataTestS3.DATA_TEST_UPLOAD_CSV) client_s3.create_bucket(Bucket=check_bucket) client_s3.put_object(Body=data_file, Bucket=check_bucket, Key=s3_file_name) object_csv = client_s3.get_object(Bucket=check_bucket, Key=s3_file_name) object_csv_copy = copy.deepcopy(object_csv) with patch.object(PmLogAdapter, 'info', return_value=None) as mock_method_info: with patch.object(boto3, 'client') as mock_method_client: mock_method_client.return_value = client_s3 with patch.object(client_s3, 'get_object') as mock_method: mock_method.return_value = object_csv # call function test actual_response = FileUtils.read_csv( trace_id, 'S3_CHECK_BUCKET', s3_file_name) # check result expected_result = str(object_csv_copy['Body'].read().decode()) self.assertEqual(expected_result, actual_response) # check write log info mock_method_info.assert_any_call('read csv success') # check connect client mock_method_client.assert_called_with('s3') # check param call function get_object mock_method.assert_any_call(Bucket=check_bucket, Key=s3_file_name)
def publish_error_message_send_checkerror_email(trace_id, check_history_id, organization_id, project_id, aws_request_id, message): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) try: subject = "チェックバッチエラー通知メール送信失敗({0})".format( common_utils.get_environ(CommonConst.STAGE)) message = "RequestID: {0}\nCheckHistoryID: {1}\nOrganizationID: {2}\nProjectID: {3}\nMessage: {3}".format( aws_request_id, check_history_id, organization_id, project_id, message) aws_common.aws_sns( trace_id, subject, message, common_utils.get_environ(CommonConst.SENDMAIL_ERROR_NOTIFY_TOPIC)) except PmError: pm_logger.error("通知メール送信エラーメッセージのパブリッシュに失敗しました。")
def get_membership_aws_account(trace_id, session, aws_account): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # デフォルト値はメンバーズに加入していないAWSアカウントです。 members = Members.Disable # 対象AWSアカウントに対する接続を作成します。 try: client = session.client(service_name="iam") except ClientError as e: pm_logger.error("[%s] IAMクライアント作成に失敗しました。", aws_account) return members # IAMクライアントを用いて、IAMロールcm-membersportalを取得します。 cm_members_role_name = common_utils.get_environ( CommonConst.CM_MEMBERS_ROLE_NAME, CommonConst.CM_MEMBERS_PORTAL) try: get_role(trace_id, client, cm_members_role_name) members = Members.Enable pm_logger.info("[%s] IAMロール「%s」が存在します。", aws_account, cm_members_role_name) except PmError as e: if e.cause_error.response['Error'][ 'Code'] == CommonConst.NO_SUCH_ENTITY: pm_logger.info("[%s] IAMロール「%s」が存在しません。", aws_account, cm_members_role_name) else: pm_logger.warning("[%s] IAMロール「%s」の取得に失敗しました。", aws_account, cm_members_role_name) return members
def test_read_object_success(self): data_file = copy.deepcopy(DataYaml.DATA_FILE_YAML) # prepare data check_bucket = common_utils.get_environ("S3_CHECK_BUCKET") client_s3.create_bucket(Bucket=check_bucket) client_s3.put_object(Body=data_file, Bucket=check_bucket, Key=s3_file_name) object_file = client_s3.get_object(Bucket=check_bucket, Key=s3_file_name) object_file_copy = copy.deepcopy(object_file) with patch.object(boto3, 'client') as mock_method_client: mock_method_client.return_value = client_s3 with patch.object(client_s3, 'get_object') as mock_method: mock_method.return_value = object_file # call function test actual_response = FileUtils.read_object( trace_id, 'S3_CHECK_BUCKET', s3_file_name) # check result expected_result = object_file_copy['Body'].read() self.assertEqual(expected_result, actual_response) # check connect client mock_method_client.assert_called_with('s3') # check param call function get_object mock_method.assert_any_call(Bucket=check_bucket, Key=s3_file_name)
def test_execute_security_check_with_executed_type_case_error_get_pm_check_history(self): # patch mock patch_get_projects_by_organization_id = patch( "premembers.repository.pm_projects.get_projects_by_organization_id" ) patch_create_pm_check_history = patch( "premembers.repository.pm_checkHistory.create") patch_aws_sns = patch("premembers.common.aws_common.aws_sns") patch_query_key_pm_check_history = patch("premembers.repository.pm_checkHistory.query_key") patch_get_uuid4 = patch("premembers.common.common_utils.get_uuid4") # start mock object mock_query_key_pm_check_history = patch_query_key_pm_check_history.start() mock_get_projects_by_organization_id = patch_get_projects_by_organization_id.start() mock_create_pm_check_history = patch_create_pm_check_history.start() mock_aws_sns = patch_aws_sns.start() mock_get_uuid4 = patch_get_uuid4.start() mock_error_exception = mock_common_utils.mock_error_exception(self) # mock object mock_query_key_pm_check_history.side_effect = PmError() mock_get_projects_by_organization_id.return_value = data_pm_project mock_create_pm_check_history.side_effect = None mock_aws_sns.side_effect = None mock_get_uuid4.return_value = check_history_id # addCleanup stop mock object self.addCleanup(patch_get_projects_by_organization_id.stop) self.addCleanup(patch_create_pm_check_history.stop) self.addCleanup(patch_aws_sns.stop) self.addCleanup(patch_get_uuid4.stop) # call function test actual_response = awschecks_logic.execute_security_check_with_executed_type( trace_id, organization_id, project_id, execute_user_id, email, "MANUAL") # assert output function # check call function common write log error mock_error_exception.assert_called_once() # assert call aws_sns topic_arn = common_utils.get_environ( CommonConst.SECURITYCHECK_EXECUTE_TOPIC) subject = "USER : {0}".format(execute_user_id) message = {'CheckHistoryId': check_history_id} mock_aws_sns.assert_called_once_with(trace_id, subject, json.dumps(message), topic_arn) # assert output function actual_response_body = json.loads(actual_response["body"]) err_402 = MsgConst.ERR_402 self.assertEqual(err_402["code"], actual_response_body["code"]) self.assertEqual(err_402["message"], actual_response_body["message"]) self.assertEqual(err_402["description"], actual_response_body["description"]) self.assertEqual(HTTPStatus.INTERNAL_SERVER_ERROR.value, actual_response["statusCode"])
def read_object(trace_id, bucket, s3_file_name): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) try: global global_s3_client if not global_s3_client: global_s3_client = boto3.client('s3') response = global_s3_client.get_object( Bucket=common_utils.get_environ(bucket), Key=s3_file_name) return response['Body'].read() except ClientError as e: raise common_utils.write_log_exception(e, pm_logger)
def execute_security_check_with_executed_type(trace_id, organization_id, project_id, user_id, email, executed_type): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # リソース関連性のバリデーションチェックを行います。 try: project = pm_projects.get_projects_by_organization_id( trace_id, project_id, organization_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if not project: return common_utils.error_common( MsgConst.ERR_AWS_401, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger) try: check_history_id = common_utils.get_uuid4() executed_date_time = common_utils.get_current_date() pm_checkHistory.create(trace_id, check_history_id, organization_id, project_id, CHECK_SECURITY, CheckStatus.Waiting, None, executed_type, None, executed_date_time, None, user_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) try: topic_arn = common_utils.get_environ( CommonConst.SECURITYCHECK_EXECUTE_TOPIC) subject = "USER : {0}".format(user_id) message = { 'CheckHistoryId': check_history_id } # Publish message aws_common.aws_sns(trace_id, subject, json.dumps(message), topic_arn) except PmError as e: common_utils.write_log_pm_error(e, pm_logger, exc_info=True) try: check_history = pm_checkHistory.query_key(trace_id, check_history_id, True) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # return data response response = common_utils.get_response_by_response_body( HTTPStatus.CREATED, check_history) return common_utils.response(response, pm_logger)
def test_execute_security_check_with_executed_type_case_error_publish_message(self): # patch mock patch_get_projects_by_organization_id = patch( "premembers.repository.pm_projects.get_projects_by_organization_id" ) patch_create_pm_check_history = patch( "premembers.repository.pm_checkHistory.create") patch_aws_sns = patch("premembers.common.aws_common.aws_sns") patch_query_key_pm_check_history = patch("premembers.repository.pm_checkHistory.query_key") patch_get_uuid4 = patch("premembers.common.common_utils.get_uuid4") # start mock object mock_query_key_pm_check_history = patch_query_key_pm_check_history.start() mock_get_projects_by_organization_id = patch_get_projects_by_organization_id.start() mock_create_pm_check_history = patch_create_pm_check_history.start() mock_aws_sns = patch_aws_sns.start() mock_get_uuid4 = patch_get_uuid4.start() # mock object mock_query_key_pm_check_history.return_value = data_pm_check_history mock_get_projects_by_organization_id.return_value = data_pm_project mock_create_pm_check_history.side_effect = None mock_aws_sns.side_effect = PmError() mock_get_uuid4.return_value = check_history_id # addCleanup stop mock object self.addCleanup(patch_get_projects_by_organization_id.stop) self.addCleanup(patch_create_pm_check_history.stop) self.addCleanup(patch_aws_sns.stop) self.addCleanup(patch_get_uuid4.stop) # call function test actual_response = awschecks_logic.execute_security_check_with_executed_type( trace_id, organization_id, project_id, execute_user_id, email, "MANUAL") # assert call aws_sns topic_arn = common_utils.get_environ( CommonConst.SECURITYCHECK_EXECUTE_TOPIC) subject = "USER : {0}".format(execute_user_id) message = {'CheckHistoryId': check_history_id} mock_aws_sns.assert_called_once_with(trace_id, subject, json.dumps(message), topic_arn) # Get data response actual_status_code = actual_response['statusCode'] actual_response_bodys = json.loads(actual_response['body']) # Check data self.assertEqual(HTTPStatus.CREATED, actual_status_code) self.assertEqual(data_pm_check_history, actual_response_bodys)
def test_apply_change_email_handler_error_read_file_template(self): # mock object patch_get_cognito_user_pools = patch('premembers.common.aws_common.get_cognito_user_pools') patch_method_error = patch.object(PmLogAdapter, "error") patch_read_decode = patch("premembers.common.FileUtils.read_decode") patch_read_yaml = patch("premembers.common.FileUtils.read_yaml") # start mock object mock_get_cognito_user_pools = patch_get_cognito_user_pools.start() mock_method_error = patch_method_error.start() mock_read_yaml = patch_read_yaml.start() mock_read_decode = patch_read_decode.start() # mock data mock_get_cognito_user_pools.return_value = [] mock_method_error.return_value = None mock_read_yaml.return_value = response_data_config mock_read_decode.side_effect = PmError() # addCleanup stop mock object self.addCleanup(patch_get_cognito_user_pools.stop) self.addCleanup(patch_method_error.stop) self.addCleanup(patch_read_yaml.stop) self.addCleanup(patch_read_decode.stop) # Call function test body = { "mailAddress": mail_after, "callerServiceName": "insightwatch", "mailLang": language_mail_test } event_mock = event_create.get_event_object( trace_id=trace_id, email=mail_before, body=json.dumps(body)) result = user.apply_change_email_handler(event_mock, {}) # Check data mock_method_error.assert_any_call( "メールアドレス変更通知メール本文テンプレートファイルの取得に失敗しました。:s3://%s/%s", common_utils.get_environ(CommonConst.S3_SETTING_BUCKET), "check/notify/mail/insightwatch_apply_change_mail_template_ja.tpl") response_body = json.loads(result['body']) err_s3_702 = MsgConst.ERR_S3_702 self.assertEqual(err_s3_702['code'], response_body['code']) self.assertEqual(err_s3_702['message'], response_body['message']) self.assertEqual(err_s3_702['description'], response_body['description']) self.assertEqual(result['statusCode'], HTTPStatus.INTERNAL_SERVER_ERROR.value)
def check_exists_file_s3(trace_id, bucket, prefix, is_cw_logger=False): if (is_cw_logger): logger = common_utils.begin_cw_logger(trace_id, __name__, inspect.currentframe()) else: logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) result = False try: s3 = boto3.resource('s3') mybucket = s3.Bucket(name=common_utils.get_environ(bucket)) for object in mybucket.objects.filter(Prefix=prefix): result = True break except Exception as e: raise common_utils.write_log_exception(e, logger) return result
def read_json(trace_id, bucket, s3_file_name, is_cw_logger=False): if (is_cw_logger): logger = common_utils.begin_cw_logger(trace_id, __name__, inspect.currentframe()) else: logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) try: global global_s3_client if not global_s3_client: global_s3_client = boto3.client('s3') response = global_s3_client.get_object( Bucket=common_utils.get_environ(bucket), Key=s3_file_name) result = json.loads(response['Body'].read()) logger.info("read json success") return result except ClientError as e: raise common_utils.write_log_exception(e, logger)
def get_security_check_report_url(trace_id, user_id, history_id): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # チェック履歴情報を取得します。 try: check_history = pm_checkHistory.get_check_history_by_status( trace_id, history_id, CheckStatus.ReportCompleted) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # 該当するレコードが存在しない場合(取得件数が0件) if len(check_history) == 0: return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) # 取得したチェック履歴情報より組織IDを取得する organization_id = check_history[0]['OrganizationID'] # アクセス権限チェックを行います response_authority = checkauthority.authority( trace_id, user_id, organization_id, Authority.Viewer) if response_authority: return common_utils.response(response_authority, pm_logger) # 有効期限が作成から1時間となる署名付きURLを作成します。 try: signed_url = aws_common.generate_presigned_url( trace_id, common_utils.get_environ('S3_CHECK_BUCKET'), check_history[0]['ReportFilePath']) except PmError as e: return common_utils.error_exception(MsgConst.ERR_999, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # return data response response_body = {"URL": signed_url} response = common_utils.get_response_by_response_body( HTTPStatus.OK, response_body) return common_utils.response(response, pm_logger)
def test_read_json_success(self): # prepare data bucket_name = common_utils.get_environ("S3_CHECK_BUCKET") client_s3.create_bucket(Bucket=bucket_name) body = json.dumps(data_test_upload_s3) client_s3.put_object(Bucket=bucket_name, Key=s3_file_name, Body=body) with patch.object(PmLogAdapter, 'info', return_value=None) as mock_method_info: with patch.object(boto3, "client", return_value=client_s3): # call function test actual_result = FileUtils.read_json(trace_id, "S3_CHECK_BUCKET", s3_file_name) # check result self.assertEqual(data_test_upload_s3, actual_result) # check write log info mock_method_info.assert_any_call('read json success')
def upload_csv(trace_id, bucket, data, s3_file_name, is_cw_logger=False): if (is_cw_logger): logger = common_utils.begin_cw_logger(trace_id, __name__, inspect.currentframe()) else: logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) bucket_name = common_utils.get_environ(bucket) try: global global_s3_client if not global_s3_client: global_s3_client = boto3.client('s3') # Upload the file to S3 global_s3_client.put_object(Body=data, Bucket=bucket_name, Key=s3_file_name) logger.info("Upload file csv [%s] success on bucket [%s]", s3_file_name, bucket_name) except ClientError as e: raise common_utils.write_log_exception(e, logger)
def test_execute_change_email_case_read_yaml_error(self): # patch mock patch_read_yaml = patch('premembers.common.FileUtils.read_yaml') mock_error_exception = mock_common_utils.mock_error_exception(self) # start mock object mock_read_yaml = patch_read_yaml.start() # mock data mock_read_yaml.side_effect = PmError() # addCleanup stop mock object self.addCleanup(patch_read_yaml.stop) with patch.object(PmLogAdapter, 'error', return_value=None) as mock_method_error: # call function test result = user_logic.execute_change_email(apply_id) # Check data status_code = result['statusCode'] response_body = result['body'] response_headers = result['headers'] self.assertEqual(HTTPStatus.OK.value, status_code) self.assertEqual(response_error_page_caller_service_insightwatch, response_body) self.assertEqual(content_type_text_html, response_headers['content-type']) # check param call function read_yaml mock_read_yaml.assert_called_once_with(apply_id, s3_setting_bucket, notify_config_cis_result_mail) mock_error_exception.assert_called_once() # check write log error mock_method_error.assert_called_once_with( "メールアドレス変更通知メール送信設定ファイルの取得に失敗しました。:s3://%s/%s", common_utils.get_environ(s3_setting_bucket), notify_config_cis_result_mail)
def test_publish_error_message_send_checkerror_email_case_success(self): # mock object patch_aws_sns = patch("premembers.common.aws_common.aws_sns") # start mock object mock_aws_sns = patch_aws_sns.start() # mock data mock_aws_sns.side_effect = None # addCleanup stop mock object self.addCleanup(patch_aws_sns.stop) # call function test awschecksBatch_logic.publish_error_message_send_checkerror_email( trace_id, check_history_id, organization_id, project_id, context_aws.aws_request_id, message) # check param call function aws_sns mock_aws_sns.assert_any_call( trace_id, subject, body_mail, common_utils.get_environ(CommonConst.SENDMAIL_ERROR_NOTIFY_TOPIC))
def get_all_projects(trace_id): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) exclusiveStartKey = None projects = [] limit = int(common_utils.get_environ("NUM_OF_PROJECT_ITEMS_PER_1TIME")) segment = 0 while True: try: result = DB_utils.scan(trace_id, Tables.PM_PROJECTS, limit, exclusiveStartKey) projects.extend(result['Items']) if (common_utils.check_key('LastEvaluatedKey', result)): exclusiveStartKey = result['LastEvaluatedKey'] else: break segment += 1 time.sleep(1) except PmError as e: pm_logger.warning("プロジェクト情報取得に失敗しました。: 取得回数=%s、一度に取得する件数=%s", segment, limit) break return common_utils.response(projects, pm_logger), segment
def upload_json(trace_id, bucket, data, s3_file_name, is_cw_logger=False): if (is_cw_logger): logger = common_utils.begin_cw_logger(trace_id, __name__, inspect.currentframe()) else: logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) bucket_name = common_utils.get_environ(bucket) try: global global_s3_client if not global_s3_client: global_s3_client = boto3.client('s3') more_binary_data = json.dumps(data, indent=4, default=convert_handler, ensure_ascii=False) # Upload the file to S3 global_s3_client.put_object(Body=more_binary_data, Bucket=bucket_name, Key=s3_file_name) logger.info("Upload file json [%s] success on bucket [%s]", s3_file_name, bucket_name) except ClientError as e: raise common_utils.write_log_exception(e, logger)
def execute_change_email(apply_id): pm_logger = common_utils.begin_logger(apply_id, __name__, inspect.currentframe()) # バリデーションチェックを行います if common_utils.is_null(apply_id): return common_utils.error_common(MsgConst.ERR_201, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger) # set default value caller_service_name = 'insightwatch' # S3から通知メール送信設定ファイルを取得します。 try: config = FileUtils.read_yaml(apply_id, CommonConst.S3_SETTING_BUCKET, CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL) except PmError as e: pm_logger.error( "メールアドレス変更通知メール送信設定ファイルの取得に失敗しました。:s3://%s/%s", common_utils.get_environ(CommonConst.S3_SETTING_BUCKET), CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL) common_utils.error_exception(MsgConst.ERR_S3_702, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) return common_utils.get_response_by_response_body( HTTPStatus.OK, CommonConst.DEFAULT_RESPONSE_ERROR_PAGE[caller_service_name], is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) # set data response error page default response_error_page = config[CommonConst.KEY_RESPONSE_ERROR_PAGE.format( serviceName=caller_service_name)] # メールアドレス変更申請テーブルから申請レコードを取得します。 try: email_change_apply_info = pm_emailChangeApply.query_key( apply_id, apply_id, None) except PmError: pm_logger.error("メールアドレス変更申請テーブルでレコード取得に失敗しました。変更申請ID: %s", apply_id) return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) if not email_change_apply_info: pm_logger.warning("メールアドレス変更申請テーブルでレコードが存在しませんでした。変更申請ID: %s", apply_id) return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) user_name = email_change_apply_info['UserID'] if common_utils.check_key('CallerServiceName', email_change_apply_info): caller_service_name = email_change_apply_info['CallerServiceName'] # data response page response_error_page = config[CommonConst.KEY_RESPONSE_ERROR_PAGE.format( serviceName=caller_service_name)] response_execute_change_email = config[ CommonConst.KEY_RESPONSE_EXECUTE_CHANGE_EMAIL.format( serviceName=caller_service_name)] # メールアドレス変更申請テーブルから取得した UserID でCognito に合致する該当するユーザー情報を取得します。 try: user_info = aws_common.get_cognito_user_info_by_user_name( apply_id, user_name) except PmError: pm_logger.error("Cognitoから情報取得に失敗しました。") return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) if not user_info: pm_logger.warning("Cognitoにユーザーが存在しませんでした。ユーザーID: %s", user_name) return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) before_mail_address = email_change_apply_info['BeforeMailAddress'] after_mail_address = email_change_apply_info['AfterMailAddress'] # get cognito email cognito_email = jmespath.search("[?Name=='email'].Value | [0]", user_info['UserAttributes']) if before_mail_address != cognito_email: pm_logger.warning("変更前メールアドレスがCognitoのメールアドレスと合致しませんでした。") return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) # Cognitoのメールアドレスを変更する try: user_attributes = [{ 'Name': 'email', 'Value': after_mail_address }, { 'Name': 'email_verified', 'Value': 'true' }] aws_common.update_cognito_user_attributes(apply_id, user_name, user_attributes) except PmError: pm_logger.error("Cognitoの項目変更に失敗しました。") return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) # get list affiliations try: affiliations = pm_affiliation.query_userid_key(apply_id, user_name) except PmError: pm_logger.error("ユーザー所属テーブルでレコード取得に失敗しました。") return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) for affiliation in affiliations: try: org_notify_mail_destinations = pm_orgNotifyMailDestinations.query_key( apply_id, affiliation['OrganizationID'], CommonConst.NOTIFY_CODE, None) except PmError: pm_logger.error("組織別通知メール宛先テーブルでレコード取得に失敗しました。") return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) if org_notify_mail_destinations: destinations_update = [] for destination in org_notify_mail_destinations['Destinations']: if destination['MailAddress'] == before_mail_address: destination['MailAddress'] = after_mail_address destinations_update.append(destination) # update pm_orgNotifyMailDestinations try: attribute = {'Destinations': {"Value": destinations_update}} pm_orgNotifyMailDestinations.update( apply_id, org_notify_mail_destinations['OrganizationID'], org_notify_mail_destinations['NotifyCode'], attribute) except PmError: pm_logger.error("組織別通知メール宛先テーブルでレコード更新に失敗しました。") return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) # update pm_affiliation try: attribute = {'MailAddress': {"Value": after_mail_address}} pm_affiliation.update_affiliation(apply_id, affiliation['UserID'], affiliation['OrganizationID'], attribute, affiliation['UpdatedAt']) except PmError: pm_logger.error("ユーザー所属テーブルでレコード更新に失敗しました。") return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) # メールアドレス変更申請テーブルで変更申請ID{applyid}をキーにして申請レコードを削除する。 try: pm_emailChangeApply.delete(apply_id, apply_id) except PmError: pm_logger.error("メールアドレス変更申請テーブルでレコード削除に失敗しました。変更申請ID: %s", apply_id) return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) # data response response = common_utils.get_response_by_response_body( HTTPStatus.OK, response_execute_change_email, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) return common_utils.response(response, pm_logger)
def apply_change_email(user_id, mail_before_change, data_body): pm_logger = common_utils.begin_logger(user_id, __name__, inspect.currentframe()) # Parse JSON try: body_object = json.loads(data_body) except Exception as e: return common_utils.error_exception(MsgConst.ERR_REQUEST_202, HTTPStatus.BAD_REQUEST, e, pm_logger, True) mail_after_change = common_utils.get_value("mailAddress", body_object, None) caller_service_name = common_utils.get_value("callerServiceName", body_object, None) mail_lang = common_utils.get_value("mailLang", body_object, None) # validate list_errors = validate_param_apply_change_email(user_id, mail_lang, caller_service_name, mail_before_change) if list_errors: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_errors, pm_logger) # Cognito UserPoolsから変更するメールアドレス{mailaddress}に該当するユーザー情報情報を取得します。 try: list_users = aws_common.get_cognito_user_pools(user_id, mail_after_change, "email") except PmError as e: return common_utils.error_exception(MsgConst.ERR_COGNITO_501, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if list_users: return common_utils.error_common(MsgConst.ERR_302, HTTPStatus.CONFLICT, pm_logger) # メールアドレス変更申請テーブルから申請レコードを取得します。 try: list_email_change_apply = pm_emailChangeApply.query_user_index(user_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if list_email_change_apply: return common_utils.error_common(MsgConst.ERR_302, HTTPStatus.CONFLICT, pm_logger) # メールアドレス変更申請テーブルに申請レコードを作成します。 apply_id = common_utils.get_uuid4() time_to_live = common_utils.get_time_to_live( CommonConst.EMAIL_CHANGE_APPLY_EXPIRATION_DATE) try: pm_emailChangeApply.create(user_id, apply_id, mail_before_change, mail_after_change, time_to_live, caller_service_name) except PmError as e: return common_utils.error_exception(MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # get record PM_EmailChangeApply try: result = pm_emailChangeApply.query_key(user_id, apply_id, convert_response=True) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # S3から通知メール送信設定ファイルを取得します。 try: config = FileUtils.read_yaml(user_id, CommonConst.S3_SETTING_BUCKET, CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL) except PmError as e: pm_logger.error( "メールアドレス変更通知メール送信設定ファイルの取得に失敗しました。:s3://%s/%s", common_utils.get_environ(CommonConst.S3_SETTING_BUCKET), CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL) return common_utils.error_exception(MsgConst.ERR_S3_702, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) path_file_template = config[ CommonConst.KEY_GET_PATH_FILE_TEMPLATE_MAIL_SERVICE.format( language=mail_lang, serviceName=caller_service_name)] # 通知メール本文を作成 try: template_body_mail = FileUtils.read_decode( user_id, CommonConst.S3_SETTING_BUCKET, path_file_template) except PmError as e: pm_logger.error( "メールアドレス変更通知メール本文テンプレートファイルの取得に失敗しました。:s3://%s/%s", common_utils.get_environ(CommonConst.S3_SETTING_BUCKET), path_file_template) return common_utils.error_exception(MsgConst.ERR_S3_702, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # SESで通知メールを送信します。 bcc_addresses = [mail_after_change] template_body_mail = Template(template_body_mail) body_mail = template_body_mail.render(ApplyID=apply_id) mail_subject = config[CommonConst.KEY_MAIL_SUBJECT_SERVICE.format( language=mail_lang, serviceName=caller_service_name)] mail_form = config[CommonConst.KEY_MAIL_FROM_SERVICE.format( serviceName=caller_service_name)] try: aws_common.send_email(user_id, config['ses.region'], mail_form, bcc_addresses, mail_subject, body_mail) except PmError as e: pm_logger.error("通知メール送信に失敗しました。") return common_utils.error_exception(MsgConst.ERR_SES_801, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # return data response response = common_utils.get_response_by_response_body( HTTPStatus.CREATED, result) return common_utils.response(response, pm_logger)
def execute_send_result_slack(trace_id, check_history_id, language): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # チェック結果テーブルのCheckHistoryIndexから、チェック履歴ID{CheckHistoryId}をキーとしてチェック結果一覧を取得します。 try: list_check_result = pm_checkResults.query_history_index( trace_id, check_history_id) except PmError as e: msg_err = "チェック結果の取得に失敗しました。" pm_logger.error(msg_err) common_utils.write_log_pm_error(e, pm_logger, msg_err) return if (not list_check_result): msg_err = "チェック結果の取得に失敗しました。" pm_logger.error(msg_err) return # チェック結果一覧のうちの一つから、組織IDを取得します。 organization_id = list_check_result[0]['OrganizationID'] organization_name = list_check_result[0]['OrganizationName'] project_name = list_check_result[0]['ProjectName'] # 組織別Slack通知設定テーブルから、組織ID、通知コードCHECK_CISをキーとして設定情報を取得します。 try: org_notify_slack = pm_orgNotifySlack.query_key(trace_id, organization_id, CommonConst.NOTIFY_CODE) except PmError as e: msg_err = "Slack設定情報の取得に失敗しました。:OrganizationID={0}, CheckCode={1}".format( organization_id, CommonConst.NOTIFY_CODE) pm_logger.error(msg_err) common_utils.write_log_pm_error(e, pm_logger, msg_err) return if (not org_notify_slack): msg_err = "Slack設定情報の取得に失敗しました。:OrganizationID={0}, CheckCode={1}".format( organization_id, CommonConst.NOTIFY_CODE) pm_logger.error(msg_err) return # S3から通知Slack設定ファイルを取得します。 try: config = FileUtils.read_yaml(trace_id, CommonConst.S3_SETTING_BUCKET, CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL) except PmError as e: msg_err = "通知Slack設定ファイルの取得に失敗しました。:s3://{0}/{1}".format( common_utils.get_environ(CommonConst.S3_SETTING_BUCKET), CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL) pm_logger.error(msg_err) common_utils.write_log_pm_error(e, pm_logger, msg_err) return if language not in CommonConst.LANGUAGE_SUPPORT: language = CommonConst.LANGUAGE_DEFAULT path_file_template = config[ CommonConst.KEY_GET_PATH_FILE_TEMPLATE_SLACK.format(language=language)] # メッセージ本文を作成します。 try: template_message = FileUtils.read_decode(trace_id, CommonConst.S3_SETTING_BUCKET, path_file_template) except PmError as e: msg_err = "Slack通知本文テンプレートファイルの取得に失敗しました。:s3://{0}/{1}".format( common_utils.get_environ(CommonConst.S3_SETTING_BUCKET), path_file_template) pm_logger.error(msg_err) common_utils.write_log_pm_error(e, pm_logger, msg_err) return executed_date_time = date_utils.toString( date_utils.toDate(list_check_result[0]['ExecutedDateTime'], date_utils.UTC), date_utils.PATTERN_YYYYMMDDHHMM, date_utils.get_time_zone_by_language(language)) check_results = [] for check_result in list_check_result: account_aws = CommonConst.AWS_ACCOUNT_MAIL.format( check_result['AWSAccount'][:4], check_result['AWSAccount'][4:8]) check_result = { "accountAWS": account_aws, "okCount": check_result['OKCount'], "ngCount": check_result['NGCount'], "criticalCount": check_result['CriticalCount'], "managedCount": check_result['ManagedCount'], "errorCount": check_result['ErrorCount'] } check_results.append(check_result) template = Template(template_message) context = { 'organizationName': organization_name, 'projectName': project_name, 'executedDateTime': executed_date_time, 'checkResults': check_results } body = template.render(context) mentions = slack_common.convert_command_slack(org_notify_slack['Mentions']) body = CommonConst.KEY_BODY_MESSAGE_SLACK.format(mentions=mentions, body=body) notify_slack = { "username": config[CommonConst.KEY_USER_NAME_SLACK.format(language=language)], "icon_url": config['slack.iconurl'], "text": body } notify_slack = json.dumps(notify_slack) try: slack_common.send_message_slack(trace_id, org_notify_slack['WebhookURL'], notify_slack) except PmError as e: msg_err = "Slack通知のリクエスト送信に失敗しました。:OrganizationID={0}, CheckCode={1}".format( organization_id, CommonConst.NOTIFY_CODE) pm_logger.warning(msg_err) common_utils.write_log_pm_error(e, pm_logger, msg_err)
def send_result_email(trace_id, check_history_id, language): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # チェック結果テーブルのCheckHistoryIndexから、チェック履歴ID{CheckHistoryId}をキーとしてチェック結果一覧を取得します。 try: list_check_result = pm_checkResults.query_history_index( trace_id, check_history_id) except PmError as e: msg_err = "チェック結果の取得に失敗しました。" pm_logger.error(msg_err) raise common_utils.write_log_pm_error(e, pm_logger, msg_err) if (not list_check_result): msg_err = "チェック結果の取得に失敗しました。" pm_logger.error(msg_err) raise PmError(message=msg_err) # チェック結果一覧のうちの一つから、組織IDを取得します。 organization_id = list_check_result[0]['OrganizationID'] organization_name = list_check_result[0]['OrganizationName'] project_name = list_check_result[0]['ProjectName'] # 宛先ユーザーの確認をします。ユーザー所属テーブルのOrganizationIndexから、組織IDをキー try: users = pm_affiliation.query_users_organization_index( trace_id, organization_id, InvitationStatus.Belong) except PmError as e: msg_err = "ユーザー所属情報の取得に失敗しました。:OrganizationID={0}".format( organization_id) pm_logger.error(msg_err) raise common_utils.write_log_pm_error(e, pm_logger, msg_err) # 組織別通知メール宛先テーブルから、組織ID、通知コードCHECK_CISをキーとして宛先情報を取得します。 try: org_notify_mail_destinations = pm_orgNotifyMailDestinations.query_key( trace_id, organization_id, CommonConst.NOTIFY_CODE) except PmError as e: msg_err = "宛先情報の取得に失敗しました。:OrganizationID={0}, CheckCode={1}".format( organization_id, CommonConst.NOTIFY_CODE) pm_logger.error(msg_err) raise common_utils.write_log_pm_error(e, pm_logger, msg_err) if (not org_notify_mail_destinations): msg_err = "宛先情報の取得に失敗しました。:OrganizationID={0}, CheckCode={1}".format( organization_id, CommonConst.NOTIFY_CODE) pm_logger.error(msg_err) raise PmError(message=msg_err) destinations = [] for destination in org_notify_mail_destinations['Destinations']: for user in users: if destination['UserID'] == user['UserID']: destinations.append(destination) break try: if (len(destinations) == 0): pm_orgNotifyMailDestinations.delete(trace_id, organization_id, CommonConst.NOTIFY_CODE) else: attribute = {'Destinations': {"Value": destinations}} pm_orgNotifyMailDestinations.update(trace_id, organization_id, CommonConst.NOTIFY_CODE, attribute) except PmError as e: msg_err = "通知メール宛先ユーザーの更新に失敗しました。:OrganizationID={0}, CheckCode={1}".format( organization_id, CommonConst.NOTIFY_CODE) pm_logger.error(msg_err) raise common_utils.write_log_pm_error(e, pm_logger, msg_err) # S3から通知メール送信設定ファイルを取得します。 try: config = FileUtils.read_yaml(trace_id, CommonConst.S3_SETTING_BUCKET, CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL) except PmError as e: msg_err = "通知メール送信設定ファイルの取得に失敗しました。:s3://{0}/{1}".format( common_utils.get_environ(CommonConst.S3_SETTING_BUCKET), CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL) pm_logger.error(msg_err) raise common_utils.write_log_pm_error(e, pm_logger, msg_err) language_mail = CommonConst.LANGUAGE_DEFAULT if language in CommonConst.LANGUAGE_SUPPORT: language_mail = language path_file_template = config[CommonConst.KEY_GET_PATH_FILE_TEMPLATE_MAIL. format(language=language_mail)] mail_subject_config = config[CommonConst.KEY_MAIL_SUBJECT.format( language=language_mail)] # 通知メール本文を作成 try: template_body = FileUtils.read_decode(trace_id, CommonConst.S3_SETTING_BUCKET, path_file_template) except PmError as e: msg_err = "知メール本文テンプレートファイルの取得に失敗しました。:s3://{0}/{1}".format( common_utils.get_environ(CommonConst.S3_SETTING_BUCKET), path_file_template) pm_logger.error(msg_err) raise common_utils.write_log_pm_error(e, pm_logger, msg_err) # 通知メール件名を作成 subject_template = Template(mail_subject_config) mail_subject = subject_template.render(project_name=project_name) # メール本文 executed_date_time = date_utils.toString( date_utils.toDate(list_check_result[0]['ExecutedDateTime'], date_utils.UTC), date_utils.PATTERN_YYYYMMDDHHMM, date_utils.ASIA_TOKYO) executed_date_time_utc = date_utils.toString( date_utils.toDate(list_check_result[0]['ExecutedDateTime'], date_utils.UTC), date_utils.PATTERN_YYYYMMDDHHMM, date_utils.UTC) check_results = [] for check_result in list_check_result: account_aws = CommonConst.AWS_ACCOUNT_MAIL.format( check_result['AWSAccount'][:4], check_result['AWSAccount'][4:8]) check_result = { "accountAWS": account_aws, "okCount": check_result['OKCount'], "ngCount": check_result['NGCount'], "criticalCount": check_result['CriticalCount'], "managedCount": check_result['ManagedCount'], "errorCount": check_result['ErrorCount'] } check_results.append(check_result) template = Template(template_body) context = { 'organizationName': organization_name, 'projectName': project_name, 'executedDateTime': executed_date_time, 'executedDateTimeUTC': executed_date_time_utc, 'checkResults': check_results } body = template.render(context) # SESで通知メールを送信します。 list_bcc_addresses = [] bcc_addresses = [] for index, destination in enumerate(destinations): bcc_addresses.append(destination['MailAddress']) if (len(bcc_addresses) >= 50 or len(destinations) == index + 1): list_bcc_addresses.append(bcc_addresses) bcc_addresses = [] for index, bcc_addresses in enumerate(list_bcc_addresses): try: aws_common.send_email(trace_id, config['ses.region'], config['mail.from'], bcc_addresses, mail_subject, body) except PmError as e: msg_err = "通知メール送信に失敗しました。({0}/{1})".format( index + 1, len(list_bcc_addresses)) pm_logger.error(msg_err) raise common_utils.write_log_pm_error(e, pm_logger, msg_err)
def send_checkerror_email(trace_id, aws_account, check_history_id, organization_id, project_id, error_code, execute_user_id, region_name, check_code_item, data_body): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # 組織情報を取得する。 try: organization = pm_organizations.get_organization( trace_id, organization_id) except PmError as e: msg_err = "組織情報の取得に失敗しました。OrganizationID={0}".format(organization_id) pm_logger.error(msg_err) raise common_utils.write_log_pm_error(e, pm_logger, msg_err) # プロジェクト情報を取得する。 try: project = pm_projects.query_key(trace_id, project_id) except PmError as e: msg_err = "プロジェクト情報の取得に失敗しました。ProjectID={0}".format(project_id) pm_logger.error(msg_err) raise common_utils.write_log_pm_error(e, pm_logger, msg_err) # チェック実行ユーザーのメールアドレスと言語を取得します。 try: user_info = aws_common.get_cognito_user_info_by_user_name( trace_id, execute_user_id) except PmError as e: msg_err = "Cognitoから情報取得に失敗しました。" pm_logger.error(msg_err) raise common_utils.write_log_pm_error(e, pm_logger, msg_err) language = jmespath.search("[?Name=='locale'].Value | [0]", user_info['UserAttributes']) mail_execute_user = jmespath.search("[?Name=='email'].Value | [0]", user_info['UserAttributes']) # S3から通知メール送信設定ファイルを取得します。 try: config = FileUtils.read_yaml(trace_id, CommonConst.S3_SETTING_BUCKET, CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL) except PmError as e: msg_err = "通知メール送信設定ファイルの取得に失敗しました。:s3://{0}/{1}".format( common_utils.get_environ(CommonConst.S3_SETTING_BUCKET), CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL) pm_logger.error(msg_err) raise common_utils.write_log_pm_error(e, pm_logger, msg_err) language_mail = CommonConst.LANGUAGE_ENGLISH if language in CommonConst.LANGUAGE_SUPPORT: language_mail = language path_file_template_check_error_notice_mail = config[ CommonConst.KEY_GET_PATH_FILE_TEMPLATE_CHECK_ERROR_NOTICE_MAIL.format( language=language_mail)] path_file_message_notice_error_execute_check_security = config[ CommonConst.KEY_GET_PATH_MESSAGE_NOTICE_ERROR_EXECUTE_CHECK_SECURITY. format(language=language_mail)] mail_subject_config = config[ CommonConst.KEY_CHECK_ERROR_NOTICE_MAIL_SUBJECT.format( language=language_mail)] # エラー通知内容設定ファイルを取得します。 try: messages_notice_error_execute_check_security = FileUtils.read_yaml( trace_id, CommonConst.S3_SETTING_BUCKET, path_file_message_notice_error_execute_check_security) except PmError as e: msg_err = "エラー通知内容設定ファイルの取得に失敗しました。:s3://{0}/{1}".format( common_utils.get_environ(CommonConst.S3_SETTING_BUCKET), path_file_message_notice_error_execute_check_security) pm_logger.error(msg_err) raise common_utils.write_log_pm_error(e, pm_logger, msg_err) # S3から通知メール本文テンプレートファイルを取得します。 try: template_body = FileUtils.read_decode( trace_id, CommonConst.S3_SETTING_BUCKET, path_file_template_check_error_notice_mail) except PmError as e: msg_err = "通知メール本文テンプレートファイルの取得に失敗しました。:s3://{0}/{1}".format( common_utils.get_environ(CommonConst.S3_SETTING_BUCKET), path_file_template_check_error_notice_mail) pm_logger.error(msg_err) raise common_utils.write_log_pm_error(e, pm_logger, msg_err) # に該当する通知内容を取得します。 content_message = messages_notice_error_execute_check_security[ CommonConst.KEY_GET_MESSAGE_NOTICE_ERROR_EXECUTE_CHECK_SECURITY.format( errorCode=error_code)] if data_body is not None: content_message = content_message.format_map(data_body) # 通知メール件名を作成 subject_template = Template(mail_subject_config) project_name = project['ProjectName'] mail_subject = subject_template.render(project_name=project_name) if check_code_item is not None: check_code_item = CommonConst.LIST_CHECK_ITEM_CODE_CONVERT[ check_code_item] template = Template(template_body) context = { 'organizationName': organization['OrganizationName'], 'projectName': project_name, 'checkCodeItem': check_code_item, 'awsAccount': aws_account, 'regionName': region_name, 'contentMessage': content_message } body = template.render(context) # SESで通知メールを送信します bcc_addresses = [mail_execute_user] try: aws_common.send_email(trace_id, config['ses.region'], config['mail.from'], bcc_addresses, mail_subject, body) except PmError as e: msg_err = "通知メール送信に失敗しました。" pm_logger.error(msg_err) raise common_utils.write_log_pm_error(e, pm_logger, msg_err)